Mail certificate expired?

NewbieGuy · December 23, 2021, 10:26pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail.prospectid.com

I ran this command:NA

It produced this output: NA

My web server is (include version): nginx

The operating system my web server runs on is (include version):CentOS Linux release 8.5.2111
My hosting provider, if applicable, is: linode

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):none

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.20.0

Hi, it's me again. Sorry, but got excellent advice last time, but have a different issue this time. I am running a mail server with iRedMail installed and I'm trying to add it as an external smtp for a client on his zoho account. I received an error and their support says "could not add the external IMAP account as the connection certificate was invalid"

They then gave me the following url to check:
https://www.sslshopper.com/ssl-checker.html#hostname=mail.prospectid.com:993

when I check the server name it gives me a valid result:
https://www.sslshopper.com/ssl-checker.html#hostname=mail.prospectid.com

Why would the one say the certificate has expired?

Osiris · December 23, 2021, 10:33pm

Could be numerous things, e.g.:

Your IMAP service wasn't reloaded after the renewal;
Your IMAP service is configured to use the incorrect certificate.

Funny thing is, your SMTP service is actually using the correct certificate. But your POP3 service isn't. So probably Dovecot requires a reload or correct configuration of its certificate.

NewbieGuy · December 23, 2021, 10:36pm

would this be a good place to start?

Osiris · December 23, 2021, 10:40pm

No. Or: partly. Because:

That post mostly is about installing the certificate in the first place, which you already have done, otherwise you wouldn't also be serving the previously, now-expired certificate;
However, it does show the correct location of the files, so you can use it to doublecheck your own configuration;
But it uses dovecot restart which in theory leads to a little bit of downtime. However, the dovecot program has the reload command, which will just do that: reload the configuration. Without downtime. Which is obviously better than restarting the entire thing with downtime.

NewbieGuy · December 23, 2021, 10:43pm

Thanks @Osiris, reload command seems to have fixed it. The iRedmail install generated a lot of weird configs which I'm working through

system · January 22, 2022, 10:43pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate expired cannot renew Help	13	2106	January 12, 2022
PostFIX/SMPTD shown some erros about expired certicates Help	10	380	May 8, 2024
Office 365 Outlook 2016 - Security Certificate has expired Help	3	4310	April 5, 2018
Email says SSL expiring dec-7 Help	3	862	January 5, 2018
Iredmail Outlook 365 The target principal name is incorrect Help	4	622	May 6, 2022

Mail certificate expired?

Related topics